3267b33b045125800f63f8f0e9c380bedb7af89058e36aa7f59df286f8ed83a5

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
25-06-2024 05:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3267b33b045125800f63f8f0e9c380bedb7af89058e36aa7f59df286f8ed83a5_NeikiAnalytics.exe
Size

63KB
MD5

1a5b618759c7322ef18a38480c98ab10
SHA1

1c3016d469747aa5adfcb28374995099490c4c0d
SHA256

3267b33b045125800f63f8f0e9c380bedb7af89058e36aa7f59df286f8ed83a5
SHA512

a8d191d0ef3c0944ecfb642ec59ce50b6f41262ee8b839876839f4b3e33e6e98dee76ea265eb377db1d385b14a6f652af237bc24322d6c28bb053378a914b577
SSDEEP

1536:CTWn1++PJHJXA/OsIZfzc3/Q8IZZ7n97nC:KQSo7ZFZC

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3768) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1868-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000a000000012286-2.dat	upx
behavioral1/files/0x00020000000106a2-6.dat	upx
behavioral1/memory/1868-86-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\de-DE\SpiderSolitaire.exe.mui.tmp	3267b33b045125800f63f8f0e9c380bedb7af89058e36aa7f59df286f8ed83a5_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.ServiceModel.dll.tmp	3267b33b045125800f63f8f0e9c380bedb7af89058e36aa7f59df286f8ed83a5_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\XDPFile_8.ico.tmp	3267b33b045125800f63f8f0e9c380bedb7af89058e36aa7f59df286f8ed83a5_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\flyout.html.tmp	3267b33b045125800f63f8f0e9c380bedb7af89058e36aa7f59df286f8ed83a5_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\ZY______.PFB.tmp	3267b33b045125800f63f8f0e9c380bedb7af89058e36aa7f59df286f8ed83a5_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\mip.exe.tmp	3267b33b045125800f63f8f0e9c380bedb7af89058e36aa7f59df286f8ed83a5_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\1047x576black.png.tmp	3267b33b045125800f63f8f0e9c380bedb7af89058e36aa7f59df286f8ed83a5_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\F12Resources.dll.tmp	3267b33b045125800f63f8f0e9c380bedb7af89058e36aa7f59df286f8ed83a5_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.ui.nl_zh_4.4.0.v20140623020002.jar.tmp	3267b33b045125800f63f8f0e9c380bedb7af89058e36aa7f59df286f8ed83a5_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\npt.dll.tmp	3267b33b045125800f63f8f0e9c380bedb7af89058e36aa7f59df286f8ed83a5_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\Video-48.png.tmp	3267b33b045125800f63f8f0e9c380bedb7af89058e36aa7f59df286f8ed83a5_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\mraut.dll.tmp	3267b33b045125800f63f8f0e9c380bedb7af89058e36aa7f59df286f8ed83a5_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Management.Instrumentation.Resources.dll.tmp	3267b33b045125800f63f8f0e9c380bedb7af89058e36aa7f59df286f8ed83a5_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\css\weather.css.tmp	3267b33b045125800f63f8f0e9c380bedb7af89058e36aa7f59df286f8ed83a5_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\47.png.tmp	3267b33b045125800f63f8f0e9c380bedb7af89058e36aa7f59df286f8ed83a5_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tabskb.dll.mui.tmp	3267b33b045125800f63f8f0e9c380bedb7af89058e36aa7f59df286f8ed83a5_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCallbacks.h.tmp	3267b33b045125800f63f8f0e9c380bedb7af89058e36aa7f59df286f8ed83a5_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\local_policy.jar.tmp	3267b33b045125800f63f8f0e9c380bedb7af89058e36aa7f59df286f8ed83a5_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-host-views.xml.tmp	3267b33b045125800f63f8f0e9c380bedb7af89058e36aa7f59df286f8ed83a5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\de-DE\bckgzm.exe.mui.tmp	3267b33b045125800f63f8f0e9c380bedb7af89058e36aa7f59df286f8ed83a5_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe.tmp	3267b33b045125800f63f8f0e9c380bedb7af89058e36aa7f59df286f8ed83a5_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\dotsdarkoverlay.png.tmp	3267b33b045125800f63f8f0e9c380bedb7af89058e36aa7f59df286f8ed83a5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Purble Place\PurblePlaceMCE.png.tmp	3267b33b045125800f63f8f0e9c380bedb7af89058e36aa7f59df286f8ed83a5_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MinionPro-It.otf.tmp	3267b33b045125800f63f8f0e9c380bedb7af89058e36aa7f59df286f8ed83a5_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationRight_ButtonGraphic.png.tmp	3267b33b045125800f63f8f0e9c380bedb7af89058e36aa7f59df286f8ed83a5_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-lib-uihandler_ja.jar.tmp	3267b33b045125800f63f8f0e9c380bedb7af89058e36aa7f59df286f8ed83a5_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_ko.properties.tmp	3267b33b045125800f63f8f0e9c380bedb7af89058e36aa7f59df286f8ed83a5_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirectdraw_plugin.dll.tmp	3267b33b045125800f63f8f0e9c380bedb7af89058e36aa7f59df286f8ed83a5_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\it-IT\WMPDMC.exe.mui.tmp	3267b33b045125800f63f8f0e9c380bedb7af89058e36aa7f59df286f8ed83a5_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\jsse.jar.tmp	3267b33b045125800f63f8f0e9c380bedb7af89058e36aa7f59df286f8ed83a5_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libtcp_plugin.dll.tmp	3267b33b045125800f63f8f0e9c380bedb7af89058e36aa7f59df286f8ed83a5_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\Skins\Revert.wmz.tmp	3267b33b045125800f63f8f0e9c380bedb7af89058e36aa7f59df286f8ed83a5_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe.tmp	3267b33b045125800f63f8f0e9c380bedb7af89058e36aa7f59df286f8ed83a5_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Maldives.tmp	3267b33b045125800f63f8f0e9c380bedb7af89058e36aa7f59df286f8ed83a5_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.http_8.1.14.v20131031.jar.tmp	3267b33b045125800f63f8f0e9c380bedb7af89058e36aa7f59df286f8ed83a5_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs_zh_CN.jar.tmp	3267b33b045125800f63f8f0e9c380bedb7af89058e36aa7f59df286f8ed83a5_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\prism-d3d.dll.tmp	3267b33b045125800f63f8f0e9c380bedb7af89058e36aa7f59df286f8ed83a5_NeikiAnalytics.exe
File created	C:\Program Files\Windows Photo Viewer\fr-FR\ImagingDevices.exe.mui.tmp	3267b33b045125800f63f8f0e9c380bedb7af89058e36aa7f59df286f8ed83a5_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\drag.png.tmp	3267b33b045125800f63f8f0e9c380bedb7af89058e36aa7f59df286f8ed83a5_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\js\currency.js.tmp	3267b33b045125800f63f8f0e9c380bedb7af89058e36aa7f59df286f8ed83a5_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\artifacts.xml.tmp	3267b33b045125800f63f8f0e9c380bedb7af89058e36aa7f59df286f8ed83a5_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\spu\librss_plugin.dll.tmp	3267b33b045125800f63f8f0e9c380bedb7af89058e36aa7f59df286f8ed83a5_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libpostproc_plugin.dll.tmp	3267b33b045125800f63f8f0e9c380bedb7af89058e36aa7f59df286f8ed83a5_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libscale_plugin.dll.tmp	3267b33b045125800f63f8f0e9c380bedb7af89058e36aa7f59df286f8ed83a5_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MinionPro-Bold.otf.tmp	3267b33b045125800f63f8f0e9c380bedb7af89058e36aa7f59df286f8ed83a5_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_VideoInset.png.tmp	3267b33b045125800f63f8f0e9c380bedb7af89058e36aa7f59df286f8ed83a5_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.nl_ja_4.4.0.v20140623020002.jar.tmp	3267b33b045125800f63f8f0e9c380bedb7af89058e36aa7f59df286f8ed83a5_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.base.nl_ja_4.4.0.v20140623020002.jar.tmp	3267b33b045125800f63f8f0e9c380bedb7af89058e36aa7f59df286f8ed83a5_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Broken_Hill.tmp	3267b33b045125800f63f8f0e9c380bedb7af89058e36aa7f59df286f8ed83a5_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\29.png.tmp	3267b33b045125800f63f8f0e9c380bedb7af89058e36aa7f59df286f8ed83a5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Solitaire\fr-FR\Solitaire.exe.mui.tmp	3267b33b045125800f63f8f0e9c380bedb7af89058e36aa7f59df286f8ed83a5_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\ja-JP\MpAsDesc.dll.mui.tmp	3267b33b045125800f63f8f0e9c380bedb7af89058e36aa7f59df286f8ed83a5_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_s.png.tmp	3267b33b045125800f63f8f0e9c380bedb7af89058e36aa7f59df286f8ed83a5_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sr.pak.tmp	3267b33b045125800f63f8f0e9c380bedb7af89058e36aa7f59df286f8ed83a5_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\feedbck2.gif.tmp	3267b33b045125800f63f8f0e9c380bedb7af89058e36aa7f59df286f8ed83a5_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_zh_HK.properties.tmp	3267b33b045125800f63f8f0e9c380bedb7af89058e36aa7f59df286f8ed83a5_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Regina.tmp	3267b33b045125800f63f8f0e9c380bedb7af89058e36aa7f59df286f8ed83a5_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Vancouver.tmp	3267b33b045125800f63f8f0e9c380bedb7af89058e36aa7f59df286f8ed83a5_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libspeex_resampler_plugin.dll.tmp	3267b33b045125800f63f8f0e9c380bedb7af89058e36aa7f59df286f8ed83a5_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libddummy_plugin.dll.tmp	3267b33b045125800f63f8f0e9c380bedb7af89058e36aa7f59df286f8ed83a5_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2ssv.dll.tmp	3267b33b045125800f63f8f0e9c380bedb7af89058e36aa7f59df286f8ed83a5_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Nauru.tmp	3267b33b045125800f63f8f0e9c380bedb7af89058e36aa7f59df286f8ed83a5_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\fxplugins.dll.tmp	3267b33b045125800f63f8f0e9c380bedb7af89058e36aa7f59df286f8ed83a5_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Framework.dll.tmp	3267b33b045125800f63f8f0e9c380bedb7af89058e36aa7f59df286f8ed83a5_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\3267b33b045125800f63f8f0e9c380bedb7af89058e36aa7f59df286f8ed83a5_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3267b33b045125800f63f8f0e9c380bedb7af89058e36aa7f59df286f8ed83a5_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1868

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp

Filesize
63KB

MD5
1be93fcd8ab6d88d32b736da1281d7bd

SHA1
ab964971ae903dd988d7580b91f0323a3661b013

SHA256
cf6ff3c7eddad3085962da90d8a5defd1360038fabf71aefaf9fd64d301a1c1d

SHA512
76bc180d8d6126080ce0d348013001efad17b7e17e5f3b6dbf9a351bfed5ef9ceea711ee26af3c6e358c798903236f65354925d4b3936850eb90db9b3f83624a

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
72KB

MD5
75585bb904e61b87b71285714fb3c673

SHA1
a8a7bc7a544e3b22d4e23b46d4e4db277c11dc3f

SHA256
589f6aa93ddb6d0430834f6027a830877d247c45d695cb4ed8811cededd5a681

SHA512
8559c3f4c90626e8b2e27c47bed61789014014f09be573f363eaf8bc3c7d0403dd02f131fed6387db5909f9bc5b36fc1961d2d851ebf267cd47a3cde9385b414

Download Submit
memory/1868-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1868-86-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads